Attacks

Today, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) released an update to Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by- Design and -Default with the following international partners: Australian Cyber Security Centre (ACSC) Canadian Centre for Cyber Security (CCCS) United Kingdom’s National Cyber Security Centre (NCSC-UK) Germany’s Federal Office for Information Security (BSI) Netherland’s National Cyber Security Centre (NCSC-NL) Norway’s National Cyber…

Read More

CISA released nineteen Industrial Control Systems (ICS) advisories on October 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-285-01 Siemens SIMATIC CP products ICSA-23-285-02 Siemens SCALANCE W1750D ICSA-23-285-03 Siemens SICAM A8000 Devices ICSA-23-285-04 Siemens Xpedition Layout Browser ICSA-23-285-05 Siemens Simcenter Amesim ICSA-23-285-06 Siemens SICAM PAS/PQS ICSA-23-285-07 Siemens RUGGEDCOM APE180 ICSA-23-285-08 Siemens SINEC NMS ICSA-23-285-09 Siemens CPCI85 Firmware of SICAM A8000 Devices ICSA-23-285-10 Siemens Tecnomatix Plant Simulation  ICSA-23-285-11…

Read More

Today, as part of the Ransomware Vulnerability Warning Pilot (RVWP), CISA launched two new resources for combating ransomware campaigns: A “Known to be Used in Ransomware Campaigns” column in the KEV Catalog that identifies KEVs associated with ransomware campaigns. A “Misconfigurations and Weaknesses Known to be Used in Ransomware Campaigns” table on StopRansomware.gov that identifies misconfigurations and weaknesses associated with ransomware campaigns. The table features a column that identifies the Cyber Performance Goal (CPG) action for each misconfiguration…

Read More

Today, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA), #StopRansomware: AvosLocker Ransomware (Update) to disseminate known indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and detection methods associated with the AvosLocker variant identified through FBI investigations as recently as May 2023. This release updates the March 17, 2022 joint CSA, Indicators of Compromise Associated with AvosLocker ransomware, released by FBI, CISA, and the…

Read More

Today, CISA, the Federal Bureau of Investigation, the National Security Agency, and the U.S. Department of the Treasury released guidance on improving the security of open source software (OSS) in operational technology (OT) and industrial control systems (ICS). In alignment with CISA’s recently released Open Source Security Roadmap, the guidance provides recommendations to OT/ICS organizations on: Supporting OSS development and maintenance, Managing and patching vulnerabilities in OT/ICS environments, and Using the Cross-Sector Cybersecurity Performance Goals…

Read More

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s October 2023 Security Update Guide and apply the necessary updates.  

Read More

Citrix has released security updates to address vulnerabilities affecting multiple products. A malicious cyber actor can exploit one of these vulnerabilities take control of an affected system. CISA encourages users and administrators to review the following Citrix security bulletins and apply the necessary updates: NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 and CVE-2023-4967  Citrix Hypervisor Multiple Security Updates

Read More

Researchers and vendors have disclosed a denial-of-service (DoS) vulnerability in HTTP/2 protocol. The vulnerability (CVE-2023-44487), known as Rapid Reset, has been exploited in the wild in August 2023 through October 2023. CISA recommends organizations that provide HTTP/2 services apply patches when available and consider configuration changes and other mitigations discussed in the references below. For more information on Rapid Reset, see: Cloudflare: HTTP/2 Rapid Reset: deconstructing the record-breaking attack Google: How it works: The novel…

Read More

Apple has released security updates to address vulnerabilities in iOS and iPadOS. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisory and apply the necessary updates: iOS 17.0.3 and iPadOS 17.0.3.

Read More

Atlassian released a security advisory to address a vulnerability affecting Confluence Data Center and Confluence Server. A remote cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the following advisory and apply the necessary updates: CVE-2023-22515 – Privilege Escalation Vulnerability in Confluence Data Center and Server.

Read More